viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(beads-server): fix Workbench GraphQL URL for remote hosting

Browse source 
Dolt Workbench hardcodes http://localhost:9002/graphql in the built JS.
For k8s hosting, init container patches this to relative /graphql path.
Second ingress routes /graphql to port 9002 behind Authentik auth.

- Init container copies static JS to writable emptyDir, patches URL
- Pre-seeds store.json with Dolt connection config
- Added /graphql ingress with Authentik forward-auth

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-04-15 21:53:57 +00:00
parent 375a3d91d5
commit b98890d799
1 changed files with 111 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

111
stacks/beads-server/main.tf
View file

@ -178,6 +178,22 @@ resource "kubernetes_service" "dolt" {
# Dolt Workbench (web UI)
resource "kubernetes_config_map" "workbench_store" {
metadata {
name = "workbench-store"
namespace = kubernetes_namespace.beads.metadata[0].name
}
data = {
"store.json" = jsonencode([{
name = "beads"
connectionUrl = "mysql://beads@dolt.beads-server.svc.cluster.local:3306/code"
hideDoltFeatures = false
useSSL = false
type = "mysql"
}])
}
}
resource "kubernetes_deployment" "workbench" {
metadata {
name = "dolt-workbench"
@ -201,6 +217,35 @@ resource "kubernetes_deployment" "workbench" {
}
}
spec {
init_container {
name = "seed-config"
image = "dolthub/dolt-workbench:latest"
command = ["sh", "-c", <<-EOT
# Seed connection store
cp /config/store.json /store/store.json
# Copy static JS to writable volume and patch GraphQL URL
cp -r /app/web/.next/static/* /static/
for f in /static/chunks/pages/_app-*.js; do
sed -i 's|http://localhost:9002/graphql|/graphql|g' "$f"
done
echo "Patched GraphQL URL to /graphql"
EOT
]
volume_mount {
name = "store-config"
mount_path = "/config"
read_only = true
}
volume_mount {
name = "store"
mount_path = "/store"
}
volume_mount {
name = "static-patched"
mount_path = "/static"
}
}
container {
name = "workbench"
image = "dolthub/dolt-workbench:latest"
@ -214,6 +259,15 @@ resource "kubernetes_deployment" "workbench" {
container_port = 9002
}
volume_mount {
name = "store"
mount_path = "/app/store"
}
volume_mount {
name = "static-patched"
mount_path = "/app/web/.next/static"
}
startup_probe {
http_get {
path = "/"
@ -249,6 +303,21 @@ resource "kubernetes_deployment" "workbench" {
}
}
}
volume {
name = "store-config"
config_map {
name = kubernetes_config_map.workbench_store.metadata[0].name
}
}
volume {
name = "store"
empty_dir {}
}
volume {
name = "static-patched"
empty_dir {}
}
}
}
}
@ -276,6 +345,11 @@ resource "kubernetes_service" "workbench" {
port = 80
target_port = 3000
}
port {
name = "graphql"
port = 9002
target_port = 9002
}
}
}
@ -300,3 +374,40 @@ module "ingress" {
"gethomepage.dev/pod-selector" = ""
}
}
# GraphQL API ingress the frontend JS hardcodes localhost:9002/graphql,
# but we rewrite the browser request to hit the same hostname on /graphql
# routed to port 9002.
resource "kubernetes_ingress_v1" "graphql" {
metadata {
name = "dolt-workbench-graphql"
namespace = kubernetes_namespace.beads.metadata[0].name
annotations = {
"traefik.ingress.kubernetes.io/router.middlewares" = "traefik-authentik-forward-auth@kubernetescrd"
}
}
spec {
ingress_class_name = "traefik"
tls {
hosts = ["dolt-workbench.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "dolt-workbench.viktorbarzin.me"
http {
path {
path = "/graphql"
path_type = "Exact"
backend {
service {
name = kubernetes_service.workbench.metadata[0].name
port {
number = 9002
}
}
}
}
}
}
}
}